1 Reply Latest reply: Nov 21, 2016 2:52 PM by Karthikeyan Subramaniam RSS

    Qlik Sense - SAML / Azure

    Erik Chubb

      Hello All,

       

      I am in the process of setting up a test instance of Qlik Sense and SAML Authentication via Azure's AD.

       

      I found the link - https://www.qlikcommunity.org/thread/218515 and I followed it to setup the Virtual Proxy and the web application in my Azure Portal but I am having an issue when I browse out to the application link.

       

      I get an error message when i try to browse out to the Qlik Sense Site through the virtual proxy i created.

       

      Additional technical information:

      Correlation ID: 8db078de-f4a9-48bd-a175-61b2492d8d26

      Timestamp: 2016-11-21 16:30:07Z

      AADSTS70001: Application with identifier 'https://qliksaml.company.com/azure' was not found in the directory f8861847-f1ec-450b-a162-cfc470073a20

       

      I was wondering if anyone could possibly review the settings I have defined in the Qlik Sense Virtual Proxy to see if they are right, the only thing i took out was the company name... and changed it to company

       

      Identification


      Name: Azure

      Prefix: azure

      Session inactivy timeout: 30

      Session cookiename: X-Qlik-Session-Azure

       

      Authentication

      Anonymous access mode: No anonymous user

      Authentication method: SAML

      SAML Host URI: https://qliksaml.company.com/

      SAML Entity Id: https://qliksaml.company.com/azure

      SAML IdP Metadata: in the XML file

      SAML attribute for user ID: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

      SAML attribute for user directory: [Azure]

      SAML signing algorithm: SHA-1


      Now what I am unsure of is do we need to map out any attributes further?


      I mapped out these attributes

      SAML Attribute - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn to QLIK Sense Attribute user

      SAML Attribute - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailadderess to QLIK Sense Attribute email


      They are both not set as mandatory.


      Is this an issue with Azure AD or Qlik Sense? I would really appreciate some help with this.